CVE-2026-53522

Summary: Nezha Monitoring (versions 1.0.0–before 2.2.0) exposes two endpoints that create long-lived WebSocket streams, allowing resource exhaustion due to unbounded per-stream tracking. The endpoints are POST /api/v1/terminal (terminal.go) and POST /api/v1/file (fm.go), which call CreateStream t...

SUSE CVE-2026-11068

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

Chromium: CVE-2026-11068 Use after free in WebSockets

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

CVE-2026-11068

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-11068

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11068

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11068

Summary: CVE-2026-11068 is a use-after-free in Chrome’s WebSockets implementation that could allow remote code execution inside a sandbox. The issue affects Google Chrome builds prior to version 149.0.7827.53. The vulnerability description across multiple sources aligns on the same root cause and...

PT-2026-46596

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in WebSockets, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a crafted HTML page. Use after free is a memory...

Missing Origin Validation in WebSockets

Overview kanban is an A kanban foundation for coding agents Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets due to the lack of enforcement of origin and host policy. An attacker can gain unauthorized access to sensitive data and perform actions on behal...

CVE-2026-48779

creationtimestamp| type| source ---|---|--- 2026-05-22 18:05:36+00:00| published-proof-of-concept| https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p 2026-06-17 00:09:20+00:00| seen| https://gist.github.com/djlan/becffd7152d874641e42038b1b748f54 2026-06-17 00:55:40+00:00|...

CVE-2025-27853

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

PT-2026-39754

Name of the Vulnerable Software and Affected Versions Next.js versions 15.2.0 through 15.5.17 Next.js versions 16.0.0 through 16.2.5 Description A flaw exists where a previous security fix was not correctly applied to middleware.ts when used in conjunction with Turbopack, a high-performance...

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via inadequate validation of the Origin header during WebSocket connection upgrades. An attacker can gain unauthorized access to sensitive log data by convincing an authenticated user to visit a...

MAL-2026-3347 Malicious code in gemini-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c8996b17229185440fe7523f20f72ea848f3a001baa8946ca80fa6b5d3221ad The package is a RAT performing full exfiltration and executing remote commands through a custom RPC protocol over WebSockets, and eventually establishing a...

Exploit for CVE-2025-68930

🔍 Análisis del CVE-2025-68930: Vulnerabilidad de Secuestro de...

Astra Linux – Vulnerability in Chromium

Before version 88.0.4324.182, using use after free in Web Sockets with Google Chrome on Linux allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

[SECURITY] Fedora 44 Update: mingw-qt6-qtwebsockets-6.10.3-1.fc44

This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...